/**
* @param Project $project
*
* @return boolean
*/
protected function doAccess(Project $project)
{
if (null === $this->initialProjectAccess) {
# no initial project access means the project is public
return true;
}
if (!$project->getIsPrivate()) {
# public projects don't have access management
return true;
}
# this is one special ip that cannot be revoked
# it is used to keep the access list "existing"
# thus activating auth on the staging areas
# yes, it's a bit hacky.
$this->grantProjectAccess($project, new ProjectAccess('0.0.0.0'));
# this, however, is perfectly legit.
$this->grantProjectAccess($project, $this->initialProjectAccess);
return true;
}
/**
* @param Project $project
*/
public function installHooks(Project $project)
{
$user = $project->getUsers()->first();
$neededScope = $project->getIsPrivate() ? Scope::SCOPE_PRIVATE : Scope::SCOPE_PUBLIC;
if (!$this->hasScope($user, $neededScope)) {
throw new InsufficientScopeException($neededScope, $user->getProviderScopes($this->getName()));
}
$githubHookUrl = $this->router->generate('app_core_hooks_provider', ['providerName' => $this->getName()], true);
/** When generating hooks from the VM, we'd rather have it pointing to a real URL */
$githubHookUrl = str_replace('http://localhost', 'http://stage1.io', $githubHookUrl);
$hooksUrl = $project->getProviderData('hooks_url');
$client = $this->configureClientForProject($project);
$events = [];
if ($this->countPushHooks($project) === 0) {
$events[] = 'push';
}
if ($this->countPullRequestHooks($project) === 0) {
$events[] = 'pull_request';
}
if (count($events) === 0) {
return true;
}
$request = $client->post($hooksUrl);
$request->setBody(json_encode(['name' => 'web', 'active' => true, 'events' => ['push', 'pull_request'], 'config' => ['url' => $githubHookUrl, 'content_type' => 'json']]), 'application/json');
$response = $request->send();
$installedHook = $response->json();
$providerData = $project->setProviderData('hook_id', $installedHook['id']);
}
